
CVE-2019-9676

 

  • Severity Score: 7.8 (CVSS v3)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

A buffer overflow vulnerability was found in some Dahua IP Camera devices (IPC-HFW1XXX, IPC-HDW1XXX, IPC-HFW2XXX) with builds before 2018/11. The vulnerability exists in the function for redirecting the display of serial port printing information, which cannot be used by the product's basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause a device restart or arbitrary code execution. Dahua identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in newer devices and software. Dahua has released versions of the affected products to fix the vulnerability.


*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-03-11 CVE Reserved
  • 2019-06-12 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected Vendors, Products, and Versions
  • Vendor: Dahuasecurity; Product: Ipc-hfw1xxx Firmware; Version: < 2018-11; Other: -; Status: Affected
      in Vendor: Dahuasecurity; Product: Ipc-hfw1xxx; Version: -; Other: -; Status: Safe
  • Vendor: Dahuasecurity; Product: Ipc-hdw1xxx Firmware; Version: < 2018-11; Other: -; Status: Affected
      in Vendor: Dahuasecurity; Product: Ipc-hdw1xxx; Version: -; Other: -; Status: Safe
  • Vendor: Dahuasecurity; Product: Ipc-hfw2xxx Firmware; Version: < 2018-11; Other: -; Status: Affected
      in Vendor: Dahuasecurity; Product: Ipc-hfw2xxx; Version: -; Other: -; Status: Safe